Skip to content

chore(deps): bump iainmcgin/cla-github-action from 3.0.0 to 3.2.0#19

Merged
harikaduyu merged 2 commits into
mainfrom
dependabot/github_actions/iainmcgin/cla-github-action-3.2.0
Jun 19, 2026
Merged

chore(deps): bump iainmcgin/cla-github-action from 3.0.0 to 3.2.0#19
harikaduyu merged 2 commits into
mainfrom
dependabot/github_actions/iainmcgin/cla-github-action-3.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps iainmcgin/cla-github-action from 3.0.0 to 3.2.0.

Changelog

Sourced from iainmcgin/cla-github-action's changelog.

Changelog

All notable changes to this fork since it diverged from the upstream cla-assistant/github-action project (archived). The branch point is commit 58daaf8 "Update README to reflect repository status".

Versioning starts at v3.0.0, the first major version after the upstream project's final release (v2.7.1), to make clear this is a divergent line. Changes are grouped by the logical unit of work; each entry links to the commit that introduced it.

Unreleased

Nothing yet.

v3.2.0 — 2026-06-17

Changed

  • CLA sign-comment matching tolerates a small amount of surrounding text. (1f440bd) A comment now counts as a signature when the configured phrase appears on its own line (or its own block of lines, for a multi-line custom-pr-sign-comment), case-insensitive, with trailing ./! ignored, and any other text in the comment is no longer than the phrase itself (minimum allowance 32 characters). Previously the match failed if the comment contained anything on another line — for example a contributor adding recheck below the declaration. The same rule now applies whether or not custom-pr-sign-comment is set; previously that path required a byte-for-byte match. Note this is also slightly stricter on the matching line itself: text before or after the phrase on the same line (other than trailing punctuation) no longer matches, and a line inside a > Markdown blockquote is never treated as the author's own declaration.

v3.1.0 — 2026-06-09

Fixed

  • Pull requests closed without merging are no longer locked. (30dab6b) The lock-pullrequest-aftermerge feature locked the conversation on any closed event, including a contributor closing their own unmerged PR. If the PR was later reopened, the stale lock prevented the bot from commenting and the CLA check could never complete. The lock now only applies when the PR was actually merged.
  • Reopened PRs with a stale lock are unlocked automatically. (30dab6b) A merged PR can never be reopened, so a lock found on a reopened PR is either left over from the lock-on-any-close bug above or was set manually by a maintainer; the action cannot tell the two apart and removes it so the CLA check can comment again. Applies only when lock-pullrequest-aftermerge is enabled. The recommended workflow in the README now includes

... (truncated)

Commits
  • 0d27e5a Cut v3.2.0: promote CHANGELOG Unreleased section to release
  • 1f440bd Relax sign-comment matching to tolerate brief surrounding text
  • 6dd686d README: update example SHA pin to v3.1.0 (b265428)
  • b265428 Cut v3.1.0: promote CHANGELOG Unreleased section to release
  • 30dab6b Only lock merged PRs; unlock stale-locked PRs on reopen
  • e835e36 README: update example SHA pin to v3.0.0 (3e58ace)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump iainmcgin/cla-github-action from 3.0.0 to 3.2.0
b593b2e 
Bumps [iainmcgin/cla-github-action](https://github.com/iainmcgin/cla-github-action) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/iainmcgin/cla-github-action/releases)
- [Changelog](https://github.com/iainmcgin/cla-github-action/blob/master/CHANGELOG.md)
- [Commits](iainmcgin/cla-github-action@3e58ace...0d27e5a)

---
updated-dependencies:
- dependency-name: iainmcgin/cla-github-action
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update an action file github-actions minor Pull requests with new features labels Jun 19, 2026
Copilot AI review requested due to automatic review settings June 19, 2026 03:05
@dependabot dependabot Bot requested a review from a team as a code owner June 19, 2026 03:05
@dependabot dependabot Bot requested review from harikaduyu and monotek June 19, 2026 03:05
@dependabot dependabot Bot added dependencies Pull requests that update an action file minor Pull requests with new features github-actions labels Jun 19, 2026
Copilot AI reviewed Jun 19, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@kaitimmer kaitimmer requested a review from Copilot June 19, 2026 08:35
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@harikaduyu harikaduyu merged commit 202035f into main Jun 19, 2026
9 checks passed
@harikaduyu harikaduyu deleted the dependabot/github_actions/iainmcgin/cla-github-action-3.2.0 branch June 19, 2026 10:59
@github-actions github-actions Bot locked and limited conversation to collaborators Jun 19, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@kaitimmer kaitimmer kaitimmer approved these changes

@monotek monotek Awaiting requested review from monotek monotek is a code owner automatically assigned from Staffbase/product-core-infra

@harikaduyu harikaduyu Awaiting requested review from harikaduyu harikaduyu is a code owner automatically assigned from Staffbase/product-core-infra

Assignees

No one assigned

Labels

dependencies Pull requests that update an action file github-actions minor Pull requests with new features

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kaitimmer @harikaduyu